Chapter Review

This chapter looked at using Cisco VPN 3000 Series Concentrator devices in LAN-to-LAN VPN implementations. The VPN Concentrator works as an endpoint device in these implementations. While the peer device can be a router, PIX firewall, Cisco VPN 3002 hardware client, or third-party VPN device, this chapter and the features that will be tested on the exam assume Cisco VPN Concentrators will be on both ends of the link.

LAN-to-LAN (site-to-site) VPNs are a rapidly expanding alternative or augmentation to leased line or Frame Relay WAN infrastructures. VPNs are used to create secure tunnels between two networks via an insecure public network, such as the Internet. The Cisco Concentrator supports three types of tunnels: Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), and IPSec.

Extranet VPNs provide special third parties, such as business partners, vendors, and customers, with secure connections to specified enterprise resources.

The Concentrator menu-driven system is used to configure basic LAN-to-LAN VPN parameters, as well as to enable and define features like NAT Transparency and VPN routing features, such as reverse route injection (RRI) and Virtual Router Redundancy Protocol (VRRP).

Questions

1. Which one of the following tunnel protocols is not supported on Cisco Concentrators?

Layer 2 Tunneling Protocol (L2TP)

Point-to-Point Tunneling Protocol (PPTP)

IP Security (IPSec)

Layer 2 Forwarding (L2F)

2. Which three ports must be open on the entire data path for standard IPSec VPNs?

Protocol 50

Protocol 55

Protocol 51

UDP 500

3. Assuming LAN-to-LAN Network Lists are used, how many lists would a remote branch have in a hub-and-spoke topology?

1

2

1 for each spoke, plus one for the hub

None

4. Which is an example of a valid Network List entry?

192.168.10.0/255.255.255.0

192.168.10.0/24

192.168.10.0/0.0.0.255

192.168.10.0-192.168.10.255

5. How many LAN-to-LAN connections can be created with each VPN peer?

1

100

500

1000

6. What is the maximum total number of LAN-to-LAN connections supported on the VPN 3060 Concentrator?

100

500

700

1000

7. If the Configuration | System | Tunneling Protocols | IPSec | LAN-to-LAN | No Public Interfaces message is displayed, which statement is false?

You can configure the public interface

The LAN-to-LAN connection failed

You need to go to the Configure | Interfaces screen

The LAN-to-LAN connection must be redone

8. Which is not an IPSec NAT Transparency feature?

IPSec over TCP

IPSec over PPP

IPSec over UDP

IPSec over NAT Traversal

9. Which statement is not true about IPSec over TCP?

It supports both VPN Software Client and VPN 3002 Device

Requires v3.5 or higher of the VPN software

It takes precedence over all other IPSec implementations

Supports LAN-to-LAN connections

10. Which version of the VPN software is required to support NAT Traversal?

3.2

3.5

3.6

3.7

11. What is the default port for IPSec over TCP?

520

4500

6300

10000

12. Which of the following could be used to create a LAN-to-LAN VPN connection between two networks with overlapping IP addresses?

NAT one LAN so they are no longer overlapping

Use PAT on the link

NAT both LANs

Renumber one or both LANs

13. Which Concentrator feature allows the VPN Concentrator to add static routes to its routing table, and then to share those routes with connected routers?

Route autodiscovery

VRRP

RRP

RRI

14. Which of the following causes the Concentrator to retain routing table entries that might otherwise be dropped because of link inactivity?